The Cyber Security and Resilience Bill, announced by the Government in the King’s Speech, is to be introduced to Parliament this year.

The UK’s existing cyber security regulations, the Network and Information Systems Regulations 2018, were inherited from the EU. Two reviews following the introduction of the Regulations found that they were having a positive impact but progress had not been fast enough. The Government states that they urgently require updating to ensure that the country’s infrastructure and economy is not more vulnerable than that of the EU, where the previous regulations have been superseded.

The Bill will make crucial updates to the current regulatory framework by:

• expanding the remit of the Regulations to protect more digital services and supply chains;
• putting regulators on a strong footing to ensure essential cyber safety measures are being implemented. This will include potential cost recovery mechanisms to provide resources to regulators and providing powers to proactively investigate potential vulnerabilities; and
• mandating increased incident reporting to give the Government better data on cyber attacks. This will improve the Government’s understanding of the threats and alert it to potential attacks by expanding the type and nature of incidents that regulated entities must report.